--- /dev/null
+The version of sudo that ships with Debian by default resets the
+environment, as described by the "env_reset" flag in the sudoers file.
+
+This implies that all environment variables are removed, except for
+HOME, LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION,
+LANG, LANGUAGE, LC_*, and USER.
+
+In case you want sudo to preserve more environment variables, you must
+specify the env_keep variable in the sudoers file. You should edit the
+sudoers file using the visudo tool.
+
+Examples:
+Preserve the default variables plus the EDITOR variable:
+
+ Defaults env_keep+="EDITOR"
+
+Preserve the default variables plus all variables starting with LC_:
+
+ Defaults env_keep+="LC_*"
+sudo (1.6.6-1.6) oldstable-security; urgency=medium
+
+ * Non-maintainer upload by the Security Team
+ * Reworked the former patch to limit environment variables from being
+ passed through, set env_reset as default instead [sudo.c, env.c,
+ sudoers.pod, Bug#342948, CVE-2005-4158]
+ * env_reset is now set by default
+ * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
+ DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
+ (in addition to the SUDO_* variables)
+ * Rebuild sudoers.man.in from the POD file
+ * Added README.Debian
+
+ -- Martin Schulze <joey@infodrom.org> Mon, 20 Mar 2006 22:56:43 +0100
+
sudo (1.6.6-1.5) oldstable-security; urgency=high
* Non-maintainer upload by the Security Team
--disable-root-mailer $(grosshack) \
--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+ -rm -f sudoers.man.in sudoers.man
+ make sudoers.man.in sudoers.man
-$(MAKE)
touch build-stamp
}
}
+ if (!strncmp (*ep, "DISPLAY=",8)
+ || !strncmp (*ep, "XAUTHORITY=", 11)
+ || !strncmp (*ep, "XAUTHORIZATION=", 15)
+ || !strncmp (*ep, "LANG=", 5)
+ || !strncmp (*ep, "LANGUAGE=", 9)
+ || !strncmp (*ep, "LC_", 3))
+ keepit = 1;
+
/* For SUDO_PS1 -> PS1 conversion. */
if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
ps1 = *ep + 5;
* env_check.
*/
for (ep = envp; *ep; ep++) {
- okvar = 0;
+ okvar = 1;
/* Skip variables with values beginning with () (bash functions) */
if ((cp = strchr(*ep, '=')) != NULL &&
continue;
/* Skip anything listed in env_delete. */
-#if 0
for (cur = def_list(I_ENV_DELETE); cur && okvar; cur = cur->next) {
len = strlen(cur->value);
/* Deal with '*' wildcard */
okvar = 0;
}
}
-#endif
/* Check certain variables for '%' and '/' characters. */
- for (cur = def_list(I_ENV_CHECK); cur; cur = cur->next) {
+ for (cur = def_list(I_ENV_CHECK); cur && okvar; cur = cur->next) {
len = strlen(cur->value);
/* Deal with '*' wildcard */
if (cur->value[len - 1] == '*') {
iswild = 0;
if (strncmp(cur->value, *ep, len) == 0 &&
(iswild || (*ep)[len] == '=') &&
- strpbrk(*ep, "/%") == NULL) {
- okvar = 1;
+ strpbrk(*ep, "/%")) {
+ okvar = 0;
}
}
return(rval);
}
+ def_flag(I_ENV_RESET) = TRUE;
while (NewArgc > 0 && NewArgv[0][0] == '-') {
if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
(void) fprintf(stderr, "%s: Please use single character options\n",
If set, B<sudo> will reset the environment to only contain the
following variables: C<HOME>, C<LOGNAME>, C<PATH>, C<SHELL>, C<TERM>,
+C<DISPLAY>, C<XAUTHORITY>, C<XAUTHORIZATION>,
+C<LANG>, C<LANGUAGE>, C<LC_*>,
and C<USER> (in addition to the C<SUDO_*> variables).
-Of these, only C<TERM> is copied unaltered from the old environment.
+
+Of these, only C<TERM>, C<DISPLAY>, C<XAUTHORITY>, C<XAUTHORIZATION>,
+C<LANG>, C<LANGUAGE>, and C<LC_*> are copied unaltered from the old environment.
The other variables are set to default values (possibly modified
by the value of the I<set_logname> option). If B<sudo> was compiled
with the C<SECURE_PATH> option, its value will be used for the C<PATH>
environment variable.
+
+This option is enabled by default.
+
Other variables may be preserved with the I<env_keep> option.
=item use_loginclass